TxTag trauma: state shuts down toll tag website

The Texas Department of Transportation has dismantled a portion of its toll tag website after a blogger noticed that it was leaving users’ credit card information exposed.

Last week, blogger David Longnecker of Dripping Springs wrote a post highlighting a flaw in the TxTag.org website that could allow someone to view a toll tag user’s credit card information in a page’s html code.

Within days, Longnecker noticed that TxDOT had shut down the “Update” page of the “Autopay” section of the site, which was where the personal data was exposed. Visitors to TxTag.org are currently blocked from making any updates to the autopay feature on their account.

Explore where you live.

“TxDOT is aware of the blog post and the described vulnerability,” TxDOT spokesman Bob Kaufman said Tuesday. “There were no breaches of security on the TxTag site and no customer information was accessed.”

Kaufman said the agency disabled the page and is “working on enhancements.” Users who try to access that page are encouraged to make a one-time payment instead.

“We regret any customer inconvenience as we work to further enhance the security features of our site,” Kaufman added.

Read Next

The Texas House passed a bill to ban red-light cameras. The legislation by Republican state Representative Jonathan Stickland of Bedford TX will go to the Senate for a vote. The deadline to pass laws is May 27.